Lead Machine Pink 160x1200

Lead Machine Pink 160x1200

iTWire TV 705x108

Thursday, 02 September 2021 08:24

Rockwell Automation: We cannot allow cyberattacks to be the new normal

By Sabyasachi Goswami, Rockwell Automation
Sabyasachi Goswami, Commercial Services, APAC Rockwell Automation Sabyasachi Goswami, Commercial Services, APAC Rockwell Automation

GUEST OPINION by Sabyasachi Goswami, Commercial Leader, Commercial Services, APAC Rockwell Automation: The pandemic has exposed the vulnerabilities of the global manufacturing and supply-chain processes long hidden beneath the surface.

Cybersecurity has been a decades-long “grey rhino” in the wings of this “black swan” event. Last year, a Tokopedia data breach jeopardised more than 15 million user accounts, and cybercrime accounted for 43 percent of all crime in Singapore. Interconnectivity in a digital landscape may bring greater agility and convenience to manufacturers but the same benefits apply to malevolent players which are now no longer encumbered by geography.

Much like multi-layered anti-COVID measures, from defense (face masks and hand sanitisers) to prevention (lockdowns), rapid detection (PCR kits), and a cure (vaccines and antiviral drugs), corporations need to apply the same robust approach to protecting critical infrastructure.

Convergence of IT and OT

Increased interconnectivity also extends to hackers. Companies need to understand that there is no “air gap” between Information Technology (IT) and Operational Technology (OT) – the technology directly monitoring and or controlling industrial equipment, assets, and processes. These are not separate entities but two halves of a whole enterprise.

While many have taken measures to secure IT, their OT systems remain under-protected, becoming a convenient “backdoor” for hackers to breach. Ransomware incidents have become increasingly frequent in manufacturing. Ransomware attackers can penetrate a chink in the armour within minutes and spend months “dormant.” They silently infiltrate the entire network and stay undetected for months while gathering data and critical information before striking.

A recurring issue in OT security is legacy infrastructure, built decades before high-speed internet was commonplace. This means older machinery, equipment and computer systems are a worrying blind spot to IT and security operations teams and can also result in exposure. For example, a factory’s central conveyor belt might still run on an outdated edition of Windows XP no longer supported by its developer, nor compatible with the latest updates and protections.

There is a lot of complexity in the OT layer for manufacturers to address, alongside balancing the costs to modernise. This process is often deprioritised and delayed. Modernisation takes time and requires multi-year transformation. But by making these changes now, organisations can immediately adopt best practices to build a holistically secure IT/OT network environment to neutralise potential threats.

The myth of the panacea

Similar to how we have managed to bring disease outbreaks such as polio and smallpox under control, a multi-layered defence strategy is needed to detect and deter malicious players. Organisations should start with a holistic enterprise-wide security assessment that includes:

  • An inventory of authorised and unauthorised devices and software
  • Detailed observation and documentation of system performance
  • Identification of tolerance thresholds and risk and vulnerability indications
  • Prioritisation of each vulnerability based on impact and exploitation potential
  • Mitigation techniques required to bring an operation to an acceptable risk state

To develop a robust safety net, organisations must account for software, networks, control systems, site-infrastructure nuances, policies, procedures, and even employee behaviours. Rockwell Automation has defined five core security principals when developing a control system:

1. Secure network infrastructure – A resilient industrial network security system limits access to authorised individuals and protects data against manipulation or theft. With telecommuting becoming the norm, security systems must account for the remote connectivity of people, processes, and information. Networks used in large-scale industrial applications can harness cloud technology, data analytics, and mobility tools to optimise systems monitoring. 

2. Authentication and policy management – Often overlooked when developing safety controls around user authentication is the need to minimize potential exposure to threats from internal resources. Management user accounts should be integrated with a means of centralised control. Scalable solutions should also be planned to allow for flexible workflows around disconnected environments, guest user access, and temporary privilege escalation before the necessity arises.

3. Content protection – Automation equipment such as controllers often contain sensitive information. Smart industrial systems require a common, secure environment to protect an organisation’s intellectual property while maintaining productivity and quality.

4. Tamper detection – Unwanted activity and modifications within operational systems can be quashed through speedy detection, recording, and a strong coordinated response. Measures to deter and address potential threats should include a means to centrally record and track all user actions, regular backups of operating asset configurations and electronic files, as well as a meticulous inventory of all devices on a plant floor. 

5. Robustness – Plant machinery, operation systems and data storage units can be brought together under a single-system architecture that allows for centralised monitoring and reporting. By leveraging Converged Plantwide Ethernet (CPwE), multinational corporations can achieve greater flexibility, visibility, and efficiency required to remain competitive while retaining full control over their digital assets. 

Prevention is always better than cure

Placing equal importance on cybersecurity advancements is essential to future-proofing an organisation. Investing in IT alone can capture short-term growth prospects but leave these gains vulnerable to an overnight cyberattack. Much like how vaccines are crucial to herd immunity, a modern enterprise is only as strong as its weakest link. The best defence is a good offence, via a comprehensive network security system.


Subscribe to ITWIRE UPDATE Newsletter here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments